Solutions Review curates and presents more expert commentary on the REvil ransomware attack.
As more details filter in about the REvil ransomware attack, previously reported on here, the attack appears ever more devastating. Up to 1,500 companies globally may have been affected. Businesses hit by the ransomware, including the Coop grocery chain based in Sweden, might take weeks to reopen. Kaseya is working to release the patch that closes the vulnerability which allowed this colossal ransomware attack.
The scale of this attack can’t be overstated. So we rounded up even more cybersecurity expert commentary to help your business make sense of the REvil ransomware attack and what it means for you.
Here’s what they had to say.
Expert Commentary on the REvil Ransomware Attack
Chris Clements is VP of Solutions Architecture at Cerberus Sentinel.
“This incident should highlight just how vulnerable most organizations are to single points of failure that can completely derail operations. Yesterday was SolarWinds, today is Kaseya, but there are dozens of other management and monitoring tools that have complete control of all systems and data on networks they are deployed on. These tools can provide management productivity boosts, but by their very nature introduce massive risk. It is incumbent on organizations to recognize this trade-off and conduct an in-depth security evaluation as part of the acquisition of these products and services. It must be part of your threat monitoring. Too many organizations discovered this weekend that there wasn’t a plan if their MSP or their tools were compromised.”
Demi Ben-Ari is CTO and Co-Founder of Panorays.
“The Kaseya VSA cyber incident that resulted in the massive REvil ransomware attack is unquestionably one of the most serious supply chain attacks in history. It could even very well turn out to be a much larger incident than the SolarWinds breach, since some of its victims are Managed Service Providers (MSPs) that may each work with hundreds of businesses.
Moreover, it should be noted that the Russian-based REvil hacker group has been active since April 2019 and provides ransomware-as-a-service. That is, it develops software that paralyzes networks and sells it to so-called affiliates, who earn the bulk of the ransom. So unlike the SolarWinds breach, the primary motive of this cyber-attack appears to be money.”
James McQuiggan is Security Awareness Advocate at KnowBe4.
“Cyber-criminals continue to target organizations that provide services or products to a large number of customers or clients in an attempt to maximize their attack footprint. As seen with earlier cyber-attacks, cyber-criminals manipulate updated code to attack various customer organizations. As with all cyber-criminal activity, their attacks have evolved and now involve injecting a ransomware attack within the code to leverage the trusted connections of the targeted organization.
Cyber organizations need to be transparent with these large-scale attacks to a supply chain service to thousands of customers and users. With this type of remote service to customers, it is essential to mitigate the risk of further attack by following the vendor’s recommendations, even if that means shutting down the service or systems.
When organizations are informed about a zero-day vulnerability by security researchers or other third parties, communication and repeatable response plans must be implemented to mitigate the risk and make the corrected update available as soon as possible.”
Matt Sanders is Director of Security at LogRhythm.
“This is, unfortunately, a major reminder that ransomware attacks continue to be an increasing threat to companies, critical infrastructure organizations, and government agencies at all levels. This attack is especially dangerous because Kaseya is used by many Managed Service Providers that businesses trust to handle their IT functions such as endpoint inventory, patching, and software deployment. With up to 1,500 businesses possibly affected by the Kaseya ransomware attack, the impacts from the attack will be felt for months to come.
Recovering from a ransomware attack takes time, and a well-rehearsed incident response plan will prove invaluable should the worst happen. Aside from planning their response to a successful attack, organizations should keep their prevention and detection technologies top of mind by ensuring that they have the appropriate protective controls in place, as well as visibility into what is happening across their environment. A properly configured security monitoring solution that has full visibility into the environment with robust automated response capability would help organizations such as Kaseya identify malicious activity and thwart bad actors before ransomware can take hold.”
Stephan Chenette is Co-Founder & CTO at AttackIQ.
“This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Kaseya itself but also its customers, who rely on its services to keep their operations moving forward. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom – it is likely that the organization will suffer reputational damage, legal consequences, and loss of data and business. Because of this, it’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks.
To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to avoid falling victim.”
Thanks to these experts for their time and expertise on the REvil Ransomware Attack. For more, check out the Endpoint Security Buyer’s Guide.